Dr Marielle S. Gross,1 and Robert C. Miller2
Authors: 1Johns Hopkins University Bloomberg School of Public Health; Berman Institute of Bioethics; 2ConsenSys Health, New York, USA
Corresponding author: Marielle S. Gross, 1809 Ashland Avenue, Baltimore, MD 21205, USA. Email: mgross23@jhmi.edu
Section: Methodology
We propose that blockchain technology complemented by secure computation methods can foster implementation of a learning healthcare system (LHCS) by minimizing upfront patient-facing compromises with unsurpassed data security and privacy, and by optimizing the system’s fulfillment of its obligations to respect patients through transparency, engagement, and accountability. We demonstrate how a blockchain-enabled LHCS could foster patient willingness to contribute to learning by providing desired security and control over health data. In addition, secure computation methods could enable meta-analysis without exposing individual-level data, thus allowing the system to protect patients’ privacy while simultaneously learning from their data. The transparency and immutability of blockchain ledgers would also support the public’s trust in the system by allowing patients to audit and oversee which of their data are used, how they are used, and by whom. Furthermore, blockchain communities are community-governed peer-to-peer networks in which sharing builds mutually beneficial value, offering a model for engaging patients as LHCS stakeholders. Smart contracts could be used to ensure accountability of the system by embedding feedback mechanisms by which patients directly and automatically realize benefits of sharing their data.
Keywords: Bioethics, Blockchain Technology, Data Security, Data Sharing, Digital Privacy, Health Data, Learning Healthcare System, Secure Computation.
A learning healthcare system (LHCS)—the new paradigm for healthcare organization, delivery, and continuous, real-time improvement—has yet to be attained.1 Optimizing learning requires integration of clinical care and clinical research, and the LHCS’s proposed ethical framework asserts that patients are obligated to contribute to learning, primarily by allowing their health data to be used toward that end. At the same time, however, the rights and interests of individual patients must be protected.2
While patients as a class will ultimately benefit from the LHCS, the normative challenge is how to obligate patients to contribute to learning without violating these rights and interests, including patient interests in avoiding nonclinical risks/burdens, such as compromised privacy and security of health data. Striking this balance is problematic given increasingly common health data breaches, which undermine public trust in institutional stewardship of health data.3 Thus, a critical barrier to implementing the LHCS is that patients be willing to shoulder this obligation ex ante, before the reciprocal benefits of forgoing some of their rights are established.
We propose that blockchain technology—a novel decentralized data structure that gives users unique assurances of trust—together with secure computation techniques can empower and accelerate the shift to a LHCS by minimizing upfront patient-facing compromises and optimizing fulfillment of the system’s obligation to respect rights, privacy, and dignity of patients.
A blockchain is a revolutionary technology that distributes control of a database over a network of computers. Blockchains maintain consensus among this network of computers around the “single state of truth” for a given database.
Blockchain technology has disrupted the financial and technology sectors in recent years by decentralizing, and thus fundamentally reconfiguring the storage, verification, and exchange of data. The first and most widely known use case of a blockchain is Bitcoin, a novel peer-to-peer digital currency leveraging a shared public ledger on which all financial transactions are immutably recorded and guarded from tampering by advanced cryptography. The beauty of blockchain technology is that it maximizes both the security and transparency of digital assets while simultaneously empowering users by allowing direct peer-to-peer transactions without intervening governmental or financial institutions. The system is considered “trustless” in that it does not rely on a third party to adjudicate the shared ledger, and thus does not require its participants to trust each other or a common administrator.
More recently, blockchain technology garnered attention as a potential solution to the siloed nature of current electronic medical records (EMRs) whose failure to interface from one health system to another makes health care significantly more prone to error and less efficient than it could be given the current state of medical innovation. Yet, blockchain technology promises more than an evolution in the state-of-art for medical records.
Blockchain in Healthcare Today released its first volume in January 2018, with articles discussing how the blockchain can facilitate sharing of health data, streamlined ethics review under the updated Common Rule, and public health surveillance. However, interest in blockchain’s application to healthcare and academic literature to date has been dominated by private enterprises advancing proprietary blockchain-based solutions to individual and organizational consumers.
Here, we demonstrate how a blockchain’s ability to protect rights and dignity of patients and minimize imposition of nonclinical risks will promote patient willingness to embrace their obligation to contribute to learning healthcare activities. Specifically, blockchain technology addresses critical, rate-limiting ethical challenges for advancement of a LHCS related to concerns about the security of sensitive health data, and will promote fulfillment of the system’s obligations for transparency, engagement, and accountability.4,5
Studies show that consumers are concerned about the security and privacy of EMRs and desire greater transparency and control over their data.6,7 While the ethical framework for LHCS would require patients to forgo some privacy and control of their data, these concerns are validated by healthcare data breaches, which have continued to increase over the past decade, with theft/exposure estimated to have affected nearly 190 million US healthcare records as of 2018.8
Motivated to take power from institutions and return it to individuals, blockchains were developed and offer a powerful combination of strong assurances of trust, distributed data, advanced cryptographic protections, and underlying immutability. The security of the “trustless” computation-dependent system is reinforced by use of decentralized storage systems. In contrast to current centralized EMR storage repositories, numerous locations would have to be hacked before data would be compromised. Moreover, blockchains are driven by consensus between the nodes of a network, and this makes it exceedingly difficult to retroactively alter a blockchain. As a result of this, an immutable underlying record of the “truth” is generated, which cannot be corrupted or manipulated by independent third parties. A “trustless” system may be essential to assure the public that the use and exchange of personal health data are consistent with respect for patient rights and dignity.
Furthermore, an equally transformative technology called “zero knowledge proofs” has been implemented alongside blockchains, such as the Zcash blockchain, to enable verification of transactional data without compromising either privacy or security. Zero knowledge proofs allow computation to be performed on data without exposing the data’s actual content.9 Although a fledgling technology, zero knowledge proofs could theoretically allow us to learn from individuals’ health data without requiring any of the data to be shared. This presents significant advantages over the current ethical standard of protecting privacy via deidentifying data, a practice that has been fundamentally undermined in the era of machine learning and data as identity.10,11 For example, the U.S. Health Insurance Portability and Accountability Act states that Protected Health Information is sufficiently deidentified, and thus can be disclosed or otherwise used, by removing 18 specific identifiers such as name, birthdate, address, medical record number, and so on. The public is aware that such data have been “un-deidentified;” also, there is growing awareness that identity can be reconstructed from deidentified data sets when powerful machine learning is applied to the vast data that now exist about any one individual. The ability for these innovative computation systems to derive the product of big data analytics without ever exposing the primary data could circumvent a key ethical dilemma for obligating patients to compromise their privacy in the name of learning and therefore may eliminate central privacy-related concerns regarding “broad consent” for health data research.7,12
Interestingly, the same system that optimizes data security does so by keeping a transparent record on a public, permissionless ledger that is continuously updated and can be accessed by anyone, anytime, and from anywhere.1 Taken together, the disseminated data network constitutes a “single version of the truth” that permits users to directly audit their data’s immutable transaction history. Applied to a LHCS, this would enable patients or patient representatives to supervise all uses (and attempted uses) of their health data, including, but not limited to, clinical and learning activities. The shared ledger could provide an accurate, up-to-date report of the ongoing research using an individual’s data, what knowledge outputs they have contributed, and which practice updates have been made as a result (more on this in following sections). The fundamental transparency of the blockchain would assure patients that they could always know who is using their data, which portions of their data are being accessed, and for what purpose.
While a public, permissionless ledger seems antithetical to some desired features of EMRs, not all data must be stored on the ledger. Sensitive data can be stored “off-chain” and a hash (a sort of digital fingerprint) of that data can be stored “on-chain” to prove that there has been no tampering with the data. Moreover, smart contracts could be used to manage various permissions to this off-chain data. This architecture could leverage the desired benefits of a public ledger while keeping sensitive data private.
Champions of the LHCS note that the cultural changes required for transitioning to a LHCS pose a greater challenge than securing the necessary technical infrastructure. The ethos of blockchain technology, in addition to its technical features, could promote a LHCS by virtue of its foundation in peer-to-peer engagement and cooperative nature. At their core, blockchains are communities of stakeholders unified by a collaborative approach in which sharing is normative, incentivized, and yields collective benefits.13 They are organized around interoperable, open-source building blocks with shared standards and information, allowing cumulative layers of value to be built over a common, underlying framework.
There are many emergent systems for governing blockchains, but they all operate under the same principles of decentralized control and shared decision-making between stakeholders. Several blockchains have made explicit the implicit democratic norms of these communities, instituting formal governance systems where stakeholders vote on proposals, shaping the evolution of the community. Bitcoin exemplifies the power of the blockchain ethos to promote individuals’ willingness to contribute to a system in which individual and collective incentives are aligned: tens of billion dollars of de novo value have been generated over several years by the globally disseminated efforts of individual community members, all without a central body coordinating development or controlling the Bitcoin network. Beyond technological pioneers, the implementation of blockchains has spurred a revolution in communal governance in which individual stakeholders are vested with meaningful stakes in the process.
Thus, a blockchain-enabled LHCS could apply similar principles to engage patients as stakeholders, simultaneously meeting the ethical imperative of involving patients as stewards of the system’s activities and encouraging patient involvement by asserting their value as contributors. For example, a rotating lottery system, or other form of representative self-governance, could periodically identify a random subset of patients who would be responsible for reviewing and provide feedback on current and future learning activities. This built-in system of user engagement could dictate learning priorities, informed consent requirements, and operational aspects of participation in learning (e.g., opt-in vs. opt-out).
While further details are outside the scope of the present discussion, premising the LHCS on universal access to affordable health care would help secure individuals’ vested interest in the system’s learning; and empowering patients as voting stakeholders would emphasize the imperative of ensuring their ability to make informed decisions in that role.
Blockchain technology’s interoperable components, “smart contract” architecture, and token-based incentives can facilitate accountability of the LHCS. Where legacy electronic health systems optimize data sovereignty, blockchain networks are designed for seamless, multidirectional data transfer and can be used to implement systematic adoption of innovation with appropriate, predetermined checks and balances. Keeping patients informed, applying learning to clinical practice, and sharing learning with external entities like public health agencies would be supported by a network in which peer-to-peer communication between various stakeholders proceeds without extraneous intermediaries.
Using a blockchain, data exchange can be managed by “smart contracts”: transparent and automatically executing code defined a priori by stakeholders. These can also be thought of as trustless because stakeholders do not have to trust any given party to know that the code defined in a smart contract will be executed.
The smart contracts at the core of a blockchain-empowered LHCS could automatically incorporate learning into practice. For example, a smart contract could specify that certain patient data are analyzed at specified intervals, with results imputed directly into standardized clinical algorithms within the patient-and-provider-facing user interfaces. Smart contracts could build accountability into the LHCS by ensuring that learning from patient data is transparent, accessible, and contractually bound to improving clinical care without depending on further human action.
Thus far, proposed benefits to patients from the LHCS have been chiefly described as indirect benefits of generally improved health care. Meanwhile, the sharing economy has accustomed consumers to the benefits of sharing personal information (e.g., quickly find a taxi based on one’s location)—benefits that increase with the total number of participants. This may have primed individuals to willingly share health information in exchange for real-time, direct benefits.
Blockchain technology could accelerate realization of direct benefits to patients if smart contracts automatically notify patients and their clinicians when learning activities they contribute to result in new knowledge that may be clinically relevant to their own care. Also, blockchains are often accompanied with their own cryptocurrency (tokens) to incentivize disparate parties to organize around a common purpose. Similarly, tokens could help incentivize patients to contribute to learning by providing immediately valuable feedback on an individual’s health data in tandem with an asset that promises to accrue in value over time as value of the system they have contributed to grow.
Finally, blockchain technology could enhance LHCS accountability via improved quality, validity, and efficiency of health research. A transparent, immutable data trail would foster replicability and auditing of research findings prior to widespread implementation. By standardizing record forms and building interoperability across organizations and platforms, a blockchain-enabled LHCS could yield enhanced quality and exponentially increased quantity of data for meta-analyses. This proficiency could extend to Institutional Review Boards (IRBs), and may support streamlined approval for multisite pragmatic and traditional clinical trials.14 Furthermore, blockchains could democratize peer review: requiring consensus among an extended network of pseudonymous experts and direct peer-to-peer research review could help eliminate bottlenecks of human bias and untenable time-delays in scientific literature. Blockchain-based “peer-to-peer-review” could also be “tokenized,” a term that refers to developing an incentive structure using a token that helps achieve a stated social goal, and that may yield more diverse, efficient, and judicious review of research, and drive fulfillment of clinician/researcher obligations to be continuously engaged in learning.
Several issues must be addressed for blockchain technology to help operationalize an ethically sound LHCS. For example, widespread patient buy-in will rely on effectively communicating sophisticated details about how blockchain technology will protect patients differently than existing electronic health systems. The extent of automation and transparency of clinical decision-making suggested by this system may threaten respect for clinician’s judgment,2 and could yield undesirable moral or practical outcomes, including resistance from healthcare providers or overzealous implementation of conclusions from meta-analyses of heterogenous data, which have been notoriously difficult to adequately depict in health records. How to appropriately tokenize the LHCS to align incentives and promote patient and other stakeholder engagement in mutually beneficial learning is yet to be determined. While universal access to affordable health care is likely part of the answer from a patient perspective, significant political and financial hurdles remain.
Existing puzzles regarding how to balance health outcomes and cost-effectiveness considerations in public health policy and practices may be amplified if smart contract algorithms make determinations that have morally unacceptable consequences, such as allocating scarce treatments to people with higher incomes because they are more likely to do well. While blockchain technology and zero knowledge proofs may prevent identity-based discrimination by protecting security and privacy of individuals’ health data, this will not be sufficient to prevent group-harms that may occur or be facilitated by more powerful and potentially more accurate stereotypes developed by machine learning, particularly because underlying data capture existing biases. Novel strategies for moral oversight will be required to prevent smart contracts and machine learning from unintentionally embedding health disparities into the LHCS architecture. Inclusion of vulnerable groups who may not have access to or facility with modern technology must be prioritized, and likewise, equity may demand universal access to technology.
There are technical challenges inherent to using blockchain technology. Determining who has access to which health data will be essential for a truly interconnected system (e.g., whether physicians or insurance companies should have access to user data from durable medical equipment or fitness trackers). This will also require schemes for confirming user identities and preventing health information from becoming unrecoverable if users lose the keys to access their data. In addition, further advancements in computer science and engineering are prerequisites for environmentally responsible scaling of blockchain technology to a point where it could support a LHCS; and significant time, human capital, and resource investments will be required to prepare blockchain infrastructure for its most complex use case to date.
Finally, as a very new technology, there are anticipated threats, such as the development of quantum computing, which could compromise encryption—an especially worrisome threat given the harm that could be done if the entirety of an interconnected system could be exposed. In addition, we should anticipate yet unknown vulnerabilities.
Blockchain technology’s ability to deliver unsurpassed data security and privacy, especially in tandem with zero knowledge proofs or other forms of secure computation, and to simultaneously optimize fulfillment of obligations for transparency, engagement, and accountability represents an opportunity to overcome existing ethical and technical barriers to LHCS implementation.
Next steps will include addressing issues enumerated above, with support from interdisciplinary teams of patient representatives, health professionals, healthcare organizational stakeholders, public and private enterprise, and diverse experts from the fields of public health, economics, health policy, computer science, and systems engineering.
To successfully build a blockchain-enabled LHCS, we must first learn how to communicate the ethical and technological advantages of this approach to a broad audience. Greater awareness of these potential benefits by patients and other stakeholders will empower a collective exploration of how to optimally leverage blockchain and affiliated technologies to protect patient rights, privacy and dignity while promoting individuals’ willingness to contribute to learning.
Funding statement: This work received no funding. Marielle Gross’s research is supported by the Hecht-Levi Fellowship through the Johns Hopkins Berman Institute of Bioethics.
Conflict of Interest: The authors declare no conflict of interest.
Contributors’ Contributions: Both authors contributed to literature review and collaborated on conceptual analysis and writing of the manuscript. Marielle Gross wrote the initial draft, and Robert Miller provided substantial revisions, and conceptual and editorial support. Both authors approve the final draft.
1 The authors note that there are private or “consortia” deployments of blockchains, but here we are talking explicitly about public blockchains.
2 Respect for clinician judgment is also an obligation under the ethical framework for LHCS.
1. | Institute of Medicine. Best care at lower cost: The path to continuously learning health care in America. Smith M, Saunders R, Stuckhardt L, McGinnis JM, editors. Washington, DC: The National Academies Press; 2013. https://www.nap.edu/catalog/13444/best-care-at-lower-cost-the-path-to-continuously-learning |
2. | Faden RR, Kass NE, Goodman SN, Pronovost P, Tunis S, Beauchamp TL. An ethics framework for a learning health care system: A departure from traditional research ethics and clinical ethics. Hastings Cent Rep. 2013;43(s1):S16–S27 January-February 2013; Spec No:16. https://www.researchgate.net/publication/260330491_An_Ethics_Framework_for_a_Learning_Health_Care_System_A_Departure_from_Traditional_Research_Ethics_and_Clinical_Ethics |
3. | Mouton Dorey C, Baumann H, Biller-Andorno N. Patient data and patient rights: Swiss healthcare stakeholders’ ethical awareness regarding large patient data sets—A qualitative study. BMC Med Ethics. 2018;19(1):20. https://www-ncbi-nlm-nih-gov.proxy1.library.jhu.edu/pmc/articles/PMC5842517/ |
4. | Kass NE, Faden RR. Ethics and learning health care: The essential roles of engagement, transparency, and accountability. Learn Health Syst. 2018 Oct;2(4). https://www.researchgate.net/publication/327735652_Ethics_and_Learning_Health_Care_The_Essential_roles_of_engagement_transparency_and_accountability |
5. | McLennan S, Kahrass H, Wieschowski S, Strech D, Langhof H. The spectrum of ethical issues in a learning health care system: A systematic qualitative review. Int J Qual Health Care. 2018 Apr 1;30(3):161–8. https://academic.oup.com/intqhc/article/30/3/161/4831040 |
6. | Dimitropoulos L, Patel V, Scheffler SA, Posnack S. Public attitudes toward health information exchange: Perceived benefits and concerns. Am J Manag Care. 2011 Dec;17(12 Spec No.):116. https://www.researchgate.net/publication/232710744_Public_attitudes_toward_health_information_exchange_Perceived_benefits_and_concerns |
7. | Weinfurt KP, Bollinger JM, Brelsford KM, et al. Patients’ views concerning research on medical practices: Implications for consent. AJOB Empir Bioeth. 2016;7(2):76–91. https://www.tandfonline.com/doi/abs/10.1080/23294515.2015.1117536?tokenDomain=eprints&tokenAccess=pgtg26XIzjnyIp6PCNZw&forwardService=471ptshowFullTextdoi=10.1080%2F23294515.2015.471pt1117536&doi=10.1080%2F23294515.2015.1117536&journalCode=uabr21 |
8. | Healthcare Data Breach Statistics [serial online]. 2019 [cited 2019 Apr 14]. HIPAA J. Available from: https://www.hipaajournal.com/healthcare-data-breach-statistics/ |
9. | The parrot and the viper: A tale of Ethereum scalability [homepage on the Internet]. 2018 [updated -11-07T17:08:28.973Z; cited 2018 Nov 19]. Available from: https://media.consensys.net/the-parrot-and-the-viper-a-tale-of-ethereum-scalability-ef475f84c2f0 |
10. | Davis II J, Osoba O. Improving privacy preservation policy in the modern information age. Health Technol. 2019 Jan 24;9(1):65–75. https://link.springer.com/article/10.1007/s12553-018-0250-6 |
11. | Immorlica N. A social approach to decentralized identity [homepage on the Internet]. RadicalXChange. Detroit, MI. [cited 2019 Mar 22]. https://firebasestorage.googleapis.com/v0/b/hoverboard-site-prod.appspot.com/o/Presenations%20%26%20Abstracts%20%26%20Session%20Descriptions%2FI%2BR%2FRadicalxChange%20I%2BR%20Panels(mar22).pdf?alt=media&token=9230f77f-2610-47ec-89aa-9665f748d1a8 |
12. | Kass N, Faden R, Fabi RE, et al. Alternative consent models for comparative effectiveness studies: Views of patients from two institutions. AJOB Empir Bioeth. 2016 Apr 2;7(2):92–105. https://www.tandfonline.com/doi/full/10.1080/23294515.2016.1156188 |
13. | Goertzel B, Goertzel T, Goertzel Z. The global brain and the emerging economy of abundance: Mutualism, open collaboration, exchange networks and the automated commons. Technol Forecast Soc Change [serial online]. 2017;114:65–73. https://www.sciencedirect.com/science/article/pii/S0040162516300117 |
14. | Rahimzadeh V. Ethics governance outside the box: Reimagining blockchain as a policy tool to facilitate single ethics review and data sharing for the ‘omics’ sciences. BHTY. 2018 Mar 27;1(0). https://blockchainhealthcaretoday.com/index.php/journal/article/view/18 |
Copyright Ownership: This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, adapt, enhance this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0.